Many organizations need to ensure that certain files are not transmitted over a network, or are transmitted only in a secure manner, in order to maintain the confidentiality of those files. This can be achieved by monitoring a network for transfers of known files that are, for example, sent from unauthorized sources or to unauthorized destinations, or propagated over an unexpected part of a network, and at an improbable time. Government and public security agencies also benefit from cyber-watch or cyber-surveillance to catch potential offenses, illicit file possession and the like. Cyber-surveillance is also helpful in the fight against cyber-viruses and in enforcing copyright protection.
Current cyber-surveillance is typically achieved using software-based “sniffers” which extract certain patterns or characteristics from data transmitted over a network. Once extracted, the data is analyzed. In most cases, data that has been transmitted on various network layers is entirely reconstructed before further processing can be done to identify the file. Such schemes are time-consuming and require a considerable amount of processing resources. File detection is thus achieved only after the data has been transmitted over the network, even where the transfer occurs at relatively low data rates such as 100 Mb/s.
There is therefore a need for an improved method and system for detecting known files, either during transmission or statically when stored on a medium.